Tag: supply-chain
-
GitHub Action compromise linked to previously undisclosed attack
by
in SecurityNews
Researchers uncovered a March 11 incident that may have led to the larger supply chain attack. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/github-action-compromise-linked-undisclosed-attack/743079/
-
GitHub Action supply chain attack exposed secrets in 218 repos
by
in SecurityNews
The compromise of GitHub Action tj-actions/changed-files has impacted only a small percentage of the 23,000 projects using it, with it estimated that only 218 repositories exposed secrets due to the supply chain attack. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/github-action-supply-chain-attack-exposed-secrets-in-218-repos/
-
Too many software supply chain defense bibles? Boffins distill advice
by
in SecurityNews
How to avoid another SolarWinds, Log4j, and XZ Utils situation. First seen on theregister.com Jump to article: www.theregister.com/2025/03/20/software_supply_chain_defense/
-
Supply-chain CAPTCHA attack hits over 100 car dealerships
by
in SecurityNews
A security researcher has discovered that the websites of over 100 car dealerships have been compromised in a supply-chain attack that attempted to infect the PCs of internet visitors. First seen on bitdefender.com Jump to article: www.bitdefender.com/en-us/blog/hotforsecurity/supply-chain-captcha-attack-hits-over-100-car-dealerships
-
The Importance of Code Signing Best Practices in the Software Development Lifecycle
by
in SecurityNews
To ensure a secure software supply chain, the need for robust security measures cannot be overstated. One such measure, which serves as a cornerstone for safeguarding software authenticity and integrity, is code signing. Code signing is a process that involves attaching a digital signature to executables, scripts, or software packages. This digital signature verifies that…
-
Chinese military-linked companies dominate US digital supply chain
by
in SecurityNews
Despite growing national security concerns and government restrictions, Chinese military-linked companies remain deeply embedded in the US digital supply chain, according to … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/03/20/digital-supply-chain-security-concerns/
-
Supply-chain attack on the websites of 100+ US car dealerships
by
in SecurityNews
Auto Dealership Supply Chain Attack. First seen on rmceoin.github.io Jump to article: rmceoin.github.io/malware-analysis/2025/03/13/supply-chain.html
-
CISA Warns of Active Exploitation in GitHub Action Supply Chain Compromise
by
in SecurityNews
Tags: breach, cisa, cve, cybersecurity, exploit, flaw, github, infrastructure, kev, malicious, supply-chain, vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a vulnerability linked to the supply chain compromise of the GitHub Action, tj-actions/changed-files, to its Known Exploited Vulnerabilities (KEV) catalog. The high-severity flaw, tracked as CVE-2025-30066 (CVSS score: 8.6), involves the breach of the GitHub Action to inject malicious code that enables a remote First…
-
Critical vulnerability in AMI MegaRAC BMC allows server takeover
by
in SecurityNews
Tags: access, advisory, api, apt, attack, authentication, control, credentials, cve, cyberespionage, cybersecurity, data, data-breach, endpoint, exploit, firewall, firmware, flaw, group, infrastructure, Internet, linux, malicious, malware, network, ransomware, supply-chain, technology, training, update, vulnerability
…th vulnerability that Eclypsium researchers found in MegaRAC, the BMC firmware implementation from UEFI/BIOS vendor American Megatrends (AMI). BMCs are microcontrollers present on server motherboards that have their own firmware, dedicated memory, power, and network ports and are used for out-of-band management of servers when their main operating systems are shut down. Administrators can access BMCs…
-
GitHub Action hack likely led to another in cascading supply chain attack
by
in SecurityNews
A cascading supply chain attack that began with the compromise of the “reviewdog/action-setup@v1” GitHub Action is believed to have led to the recent breach of “tj-actions/changed-files” that leaked CI/CD secrets. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/github-action-hack-likely-led-to-another-in-cascading-supply-chain-attack/
-
ClickFix supply chain attack impacts over 100 car dealerships
by
in SecurityNews
First seen on scworld.com Jump to article: www.scworld.com/brief/clickfix-supply-chain-attack-impacts-over-100-car-dealerships
-
Thousands of GitHub repositories’ secrets exposed by supply chain compromise
by
in SecurityNews
First seen on scworld.com Jump to article: www.scworld.com/brief/thousands-of-github-repositories-secrets-exposed-by-supply-chain-compromise
-
Second GitHub Actions Supply Chain Attack Discovered
by
in SecurityNews
Malicious Code Injected in reviewdog Just Hours Before tj-actions Backdoored. Just days after researchers discovered an attack that subverted a widely used tool for software development platform GitHub, they discovered a second, prior attack, as part of what one expert said may be a chain of supply chain attacks eventually leading to a specific high-value…
-
New ‘Rules File Backdoor’ Attack Lets Hackers Inject Malicious Code via AI Code Editors
by
in SecurityNews
Cybersecurity researchers have disclosed details of a new supply chain attack vector dubbed Rules File Backdoor that affects artificial intelligence (AI)-powered code editors like GitHub Copilot and Cursor, causing them to inject malicious code. ”This technique enables hackers to silently compromise AI-generated code by injecting hidden malicious instructions into seemingly innocent First seen on thehackernews.com Jump…
-
The supply chain as a primary target for cyber attackers
by
in SecurityNews
With the steady advance of digital transformation in recent years, companies have become increasingly dependent on numerous partners and suppliers. This shift has led to a more complex IT infrastructure and has significantly enlarged the attack surface that cybercriminals can exploit. They target the weakest link in the supply chain to gain access to the overall system. A…
-
Google acquisition target Wiz links fresh supply chain attack to 23K pwned GitHub repos
by
in SecurityNews
Ad giant just confirmed its cloudy arm will embrace security shop in $30B deal. First seen on theregister.com Jump to article: www.theregister.com/2025/03/18/wiz_github_supply_chain/
-
GitHub Actions supply chain attack spotlights CI/CD risks
by
in SecurityNews
Experts say a GitHub Actions vulnerability should renew enterprises’ attention to securing build pipelines the same way they secure production environments. First seen on techtarget.com Jump to article: www.techtarget.com/searchitoperations/news/366621078/GitHub-Actions-supply-chain-attack-spotlights-CI-CD-risks
-
GitHub Action tj-actions/changed-files was compromised in supply chain attack
by
in SecurityNews
The GitHub Action tj-actions/changed-files was compromised, enabling attackers to extract secrets from repositories using the CI/CD workflow. Researchers reported that threat actors compromised the GitHub Action tj-actions/changed-files, allowing the leak of secrets from repositories using the continuous integration and continuous delivery (CI/CD) workflow. The tj-actions/changed-files GitHub Action is used in over 23,000 repositories; it automates workflows by…
-
Third of UK Supply Chain Relies on “Chinese Military” Companies
by
in SecurityNews
Bitsight reveals that UK companies are more exposed to cyber risk than global peers via their digital supply chains. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/third-uk-supply-chain-relies/
-
Hackers target AI and crypto as software supply chain risks grow
by
in SecurityNews
The growing sophistication of software supply chain attacks is driven by widespread flaws in open-source and third-party commercial software, along with malicious campaigns … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/03/18/software-supply-chain-risks/
-
Supply Chain Attack Targets 23,000 GitHub Repositories
by
in SecurityNews
A critical security incident has been uncovered involving the popular GitHub Action tj-actions/changed-files, which is used in over 23,000 repositories. The attack involves a malicious modification of the Action’s code, leading to the exposure of CI/CD secrets in GitHub Actions build logs. This vulnerability was detected by StepSecurity’s Harden-Runner, a tool designed to secure CI/CD…
-
Supply chain attack against GitHub Action triggers massive exposure of secrets
by
in SecurityNews
The incident highlights ongoing security concerns in the software supply chain. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/supply-chain-github-exposure-secrets/742693/
-
Supply Chain Attack Targets GitHub Repositories and Secrets
by
in SecurityNews
Over 23,000 Code Repositories at Risk After Malicious Code Added to GitHub Action. Attackers subverted a widely used tool for software development environment GitHub, potentially allowing them to steal secrets from thousands of private code repositories as well as compromise other, widely used open source libraries, binaries and artifacts that use the tool, experts warned.…
-
Supply chain attack on popular GitHub Action exposes CI/CD secrets
by
in SecurityNews
A supply chain attack on the widely used ‘tj-actions/changed-files’ GitHub Action, used by 23,000 repositories, potentially allowed threat actors to steal CI/CD secrets from GitHub Actions build logs. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/supply-chain-attack-on-popular-github-action-exposes-ci-cd-secrets/
-
FCC creates national security council to counter cyber threats from China
by
in SecurityNews
Tags: 5G, access, ai, attack, breach, china, communications, computing, cyber, cyberattack, cybersecurity, data, espionage, government, group, hacking, incident, infrastructure, Internet, microsoft, office, strategy, supply-chain, technology, threat, vulnerability
Three-pronged strategy: The council will pursue a tripartite strategy focusing on reducing dependency, mitigating vulnerabilities, and ensuring American technological leadership. First, it aims to reduce American technology and telecommunications sectors’ trade and supply chain dependencies on foreign adversaries. This goal aligns with broader government efforts to “friend-shore” critical technology supply chains and decrease reliance on potentially…